India's privately-owned airline SpiceJet has denied the data breach reports of about a million passengers.
The airline also said that there was no security lapse in its systems.
"There was no data breach in any of SpiceJet's servers. At SpiceJet, safety and security of our fliers' data is sacrosanct. Our systems are fully capable and always up to date to secure the fliers' data which is a continuous process. We undertake every possible measure to safeguard and protect this data and ensure that the privacy is maintained at the highest and safest level," a SpiceJet spokesperson said.
According to TechCrunch, a security researcher "gained access to one of SpiceJet's systems by brute-forcing the system's easily guessable password" and described their actions as ethical hacking.
The database backup file on the system was unencrypted, allowing access to private information of more than 1.2 million passengers last month, the report said.
The details allegedly included flight information and details of each passenger, including their name, phone number, email address, and date of birth.